Enhancements and resolved issues in PingFederate 11.1.1.
Administrative API enhancement
Improved the administrative API to manage the System for Cross-domain Identity Management (SCIM) inbound provisioning settings in identity provider (IdP) connections.
Message customization enhancement
Enhanced PingFederate message customization by adding the following FedHub-specific context variables:
Cluster management enhancement
Revised the Cluster Management window to make it more obvious when changes to the configuration on the administrative node have not been replicated to the engine nodes.
Security around password expiration
Improved the security around password expiration when using PingDirectory as a user store.
Issuance criteria in authentication policy contracts
Issuance criteria in authentication policy contracts no longer cause the logs to indicate invalid XML errors. This issue did not cause runtime errors.
HTTP header for client IP addresses
Resolved an issue that sometimes occurred when IPV6 addresses were specified in the HTTP Header for Client IP Addresses field on the Incoming Proxy Settings window.
PingFederate error descriptions no longer disclose details of java classes.
MasterKeyEncryptor failure during cluster replication
When PingFederate is using a custom MasterKeyEncryptor that relies on an SSL call to an external service, cluster replication no longer causes cascading failures because PingFederate is unable to open Java key store files.
Updating the client secret with the OAuth client management service
When updating the client secret with the OAuth client management service, PingFederate now correctly creates the secondary secrets.
Now when PingFederate receives an OAuth
authorization request with
change and account recovery flows using an authentication policy work